# Identity the microservice operator pod runs as. Every RBAC binding in this
# file that names this ServiceAccount grants its rules to the operator process.
# NOTE(review): kube-system also hosts control-plane add-ons; a dedicated
# namespace for the operator is usually easier to isolate and audit.
kind: ServiceAccount
apiVersion: v1
metadata:
  name: microservice-operator-sa
  namespace: kube-system
---
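# Cluster-wide permissions for the operator. This role is attached through a
# ClusterRoleBinding, so every rule below applies in ALL namespaces.
# Each rule is a cross product of apiGroups x resources x verbs; combinations
# that do not exist in the API are simply never matched.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: microservice-operator-clusterrole

rules:
  # Cluster-scoped peering objects.
  # NOTE(review): the resource name looks like the Kopf peering CRD; confirm
  # that it is really registered under the imran.dev.io group in this cluster.
  - apiGroups: [imran.dev.io]
    resources: [clusterkopfpeerings]
    verbs: [list, watch, patch, get]

  # Read-only discovery of CRDs.
  - apiGroups: [apiextensions.k8s.io]
    resources: [customresourcedefinitions]
    verbs: [list, watch]

  # Workload management in every namespace.
  # NOTE(review): this is broad. It allows creating and deleting namespaces,
  # pods, deployments and services cluster-wide, and services/proxy lets the
  # holder reach any Service through the API server proxy. Trim the resources
  # and verbs to what the operator actually uses, and move whatever can be
  # namespaced into a Role.
  - apiGroups: ["", "apps", "batch", "extensions"]
    resources: [namespaces, deployments, pods, services, services/proxy, events]
    verbs: [list, watch, patch, get, create, delete]

  # Admission webhook registration.
  # apiGroups takes the bare API group name. The previous values carried a
  # version suffix (".../v1", ".../v1beta1"), which never matches a request,
  # so the rule granted nothing.
  # NOTE(review): create/patch on webhook configurations is a high-impact
  # permission, since a webhook can inspect or mutate objects admitted
  # anywhere in the cluster. Drop this rule if the operator does not register
  # admission webhooks.
  - apiGroups: [admissionregistration.k8s.io]
    resources: [validatingwebhookconfigurations, mutatingwebhookconfigurations]
    verbs: [create, patch]

  # The operator's own custom resources.
  # NOTE(review): RBAC matches on the plural resource name; the singular
  # "microservice" entry is probably redundant. Confirm against the CRD.
  - apiGroups: [imran.dev.io]
    resources: [microservice, microservices]
    verbs: [list, watch, create, patch, delete, get]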
---
# Namespaced permissions for the operator; they apply only to objects inside
# kube-system. Each rule is a cross product of apiGroups x resources x verbs.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: microservice-operator-role
  namespace: kube-system
rules:
  # Namespaced peering objects.
  - apiGroups:
      - imran.dev.io
    resources:
      - kopfpeerings
    verbs:
      - list
      - watch
      - patch
      - get

  # Custom resources plus the workloads built from them.
  # NOTE(review): in kube-system these verbs reach system pods and services
  # as well; services/proxy allows proxying to any Service in the namespace.
  - apiGroups:
      - imran.dev.io
      - apps
      - ""
    resources:
      - microservice
      - microservices
      - deployments
      - pods
      - services
      - services/proxy
      - events
    verbs:
      - list
      - watch
      - patch
      - get
      - create
      - delete

  # Job creation only; no read, update or delete on jobs is granted.
  - apiGroups:
      - batch
      - extensions
    resources:
      - jobs
    verbs:
      - create

---
# Grants microservice-operator-clusterrole to the operator's ServiceAccount
# across the whole cluster. Anything that can run a pod as this ServiceAccount
# in kube-system inherits these cluster-wide rules.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: microservice-operator-clusterrolebinding
subjects:
  - kind: ServiceAccount
    namespace: kube-system
    name: microservice-operator-sa
roleRef:
  kind: ClusterRole
  name: microservice-operator-clusterrole
  apiGroup: rbac.authorization.k8s.io
---
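# Grants the namespaced Role to the operator's ServiceAccount inside
# kube-system.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: kube-system
  name: microservice-operator-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  # Must name the Role defined in this file. The previous value,
  # "kopfexample-role-namespaced", is not defined here, which left
  # microservice-operator-role unbound.
  # roleRef is immutable: if a binding was already applied with the old name,
  # delete and re-create it instead of patching.
  name: microservice-operator-role
subjects:
  - kind: ServiceAccount
    name: microservice-operator-sa
    # Stated explicitly so the subject is unambiguous and matches the
    # ClusterRoleBinding for the same ServiceAccount.
    namespace: kube-system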

---
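# Runs the operator. The pod authenticates to the API server as
# microservice-operator-sa, so a compromise of this container yields every
# permission bound to that ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: microservice-operator
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: microservice-operator
  template:
    metadata:
      labels:
        app: microservice-operator
    spec:
      serviceAccountName: microservice-operator-sa
      containers:
        - name: microservice-operator
          # NOTE(review): a tag is mutable. Pin the image by digest
          # (sayedimran/microservice-operator@sha256:<digest>) so a re-pushed
          # tag cannot change the code that runs with this ServiceAccount.
          image: sayedimran/microservice-operator:v1.0.0
          # Baseline container hardening for a process that only talks to the
          # API server: no privilege escalation, no Linux capabilities, and
          # the runtime's default seccomp filter.
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are not set
          # because the image's user and write paths are not visible here.
          # Enable them once confirmed.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          resources:
            # Only limits are given; requests default to the same values.
            limits:
              memory: "128Mi"
              cpu: "500m"
          env:
            - name: ENV
              value: "prod"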